Administrator Ethical Dilemma

"Administrator" Dilemma - Part One

Background:

In order to insure normal service operations, the site administrator
and the operators of a computer system have access to the entire
system. This means that there is not really ANYTHING on a computer
that is truly private. (Files are usually protected from other users,
but not from the system folks). The upshot of this is that computer
sites have to trust the people in charge. These people can do
anything on the system, including delete or create or read files,
reroute mail, edit the log files, etc.

Many network programs (mail for example) pass off to people things
with which they can't deal. So, if somebody mistypes an address badly
enough, the postmaster of the machine gets a copy of the headers of
the message (and possibly the message itself).

The upshot of this is that all kinds of "funnyness" tends to get
dumped in their laps regularly, and they sometimes end up knowing all
kinds of little facts about some of their users. Their system
privileges allow them to investigate further if they think there is a
need.

Most sites are VERY careful about who receives system privileges.
Many sites will go so far as to pull system privileges away from
anybody they suspect of wrongdoing, even without proof. Other sites
just assume that this risk is a necessary evil, and don't worry about
the people in charge.

The views of Nick Klaws (Site administrator for machine Mega.Pseumata at
Whasamatta U.)

"We get a lot of students cheating here, so we keep close tabs on what
they do. When we saw that Joe's account had a usage pattern much different
than everyone else in his class, we went in to see what he was up to.

We found that he was (Take your pick...)

Doing accounting for a private company

Keeping records on every Zork game ever played

editing a paper for the Bestiality study group

writing love letters to his girl friend

writing love letters to his dog

use of the machine for other than class of your choice

and we deleted the files and tossed him off of our machine. It's our
machine, and we can do what we want with it. There is no law against what
we did.

If you stored your papers in a bin on my desk, and I looked into them
because I thought there might be a problem, nobody would think it odd.
Well, that machine is on my desk, I thought there might be a problem,
and I looked through them."

The views of Joseph Blow (the student who was tossed off the machine):

"If you wanted to search my locker or room, you'd have to get a
search warrant. Just because there is no specific law that says you
have to get a warrant for the computer files does not make it right.

There is an expectation of privacy when we put things into our
private files."

Why is this a COMPUTER ethics problem and not just a common ethics
problem?

The handling of most computer actions is far ahead of any laws on
the subject. It is only very recently that any laws have covered how
people handle files on their own systems. As late as the early 1990's
administrators could read anyone's mail for any reason (even
entertainment) without breaking any laws whatsoever. There have been
a number of laws passed recently that cover parts of the issue, but
many situations are still unclear, or the laws concerning them are
still untested. For people working for commercial companies there
are still very few legal privacy protections.

Part 2

Joseph Blow:

"Without a computer account, I can't pass my computer classes, and I
can't graduate. Your actions effectively toss me out of the
university without a hearing, and without recourse.

They claimed there was no law against what they did. But by the
same token, there is no law against what I did.

In any non-computer activity, the university has to abide by due
process. There have to be hearings. There is always review before
action is taken. Who elected you folks God, that you are not bound by
the kinds of restraints that everyone else is?"

Nick Klaws:

"If you are not going to follow the rules on our machine, you don't
get to use our machine. It is not our fault if this causes you
problems with your classes.

Having a computer down for even a few hours causes serious problems.

Having to wait for days before taking action could often mean that we
would have to work months cleaning up the mess.

The normal university procedures CAN'T be completed in less than a
week. Even if they could, the university administrators don't
understand the issues and we spend days getting the ideas across. In
cases such as chain letters, for example, we might have to act
immediately to prevent the system from becoming totally unusable."

Blow's Lawyer (hereafter B):

"Do you have any proof that Mr. Blow caused the problems that caused
him to be denied computer access?"

Whasamatta U's Lawyer (hereafter U):

"We have the logs of the usage, copies of the files involved, and
even a copy of the electronic mail Mr. Blow sent admitting the
violation before he knew how much trouble he was in."

Lawyer vs. Lawyer

B: "These are all printouts of files on the computer?"

U: "Yes."

B: "Doesn't Mr. Klaus have the ability to read and write EVERY file
on the system, including the files that you brought as evidence?"

U: "Yes, but he did not alter those files."

B: "How do you know?"

U: "The log file shows no such tampering."

B: "Isn't that log file itself one to which he has access?"

U: "Yes."

The problem here is that EVERY file on the system is accessible to the
site administrator, and they generally leave no tracks when they change
a file. ("What, the 'last written date' shows I edited it? No problem,
I'll just set that date back...")

Even electronic mail to other sites is not tamper-proof. Any good
postmaster can forge mail from anybody to anybody. With care the
forgery is totally undetectable.

If you always believe the administrator, you will effectively concede
to him or her the ability to take advantage of anybody at any time for
any reason.

But if you always believe the student, you will effectively give the
student the ability to get away with anything he or she wishes to do,
including violation of serious laws.

Anything on the system can be faked (often the student also can fake
items...), and there is no evidence of it, on or off the system.